<!DOCTYPE html>
<html>

<head>
	<meta charset="utf-8">
	<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
	<meta name="theme-color" content="#33474d">
	<title>失落的乐章</title>
	<link rel="stylesheet" href="/css/style.css" />
	
      <link rel="alternate" href="/atom.xml" title="失落的乐章" type="application/atom+xml">
    
</head>

<body>

	<header class="header">
		<nav class="header__nav">
			
				<a href="/archives" class="header__link">Archive</a>
			
				<a href="/tags" class="header__link">Tags</a>
			
				<a href="/atom.xml" class="header__link">RSS</a>
			
		</nav>
		<h1 class="header__title"><a href="/">失落的乐章</a></h1>
		<h2 class="header__subtitle">技术面前，永远都是学生。</h2>
	</header>

	<main>
		
	<span class="different-posts different-posts_earlier">📖 <a href="/page/42">earlier posts</a> 📖</span>




	<article>
	
		<h1><a href="/2017/10/12/Apache/51. apache限制某个目录下的php文件没有执行权限/">apache限制某个目录下的php文件没有执行权限</a></h1>
	
	<div class="article__infos">
		<span class="article__date">2017-10-12</span><br />
		
		
			<span class="article__tags">
			  	<a class="article__tag-link" href="/tags/Apache/">Apache</a> <a class="article__tag-link" href="/tags/LAMP/">LAMP</a>
			</span>
		
	</div>

	

	
		<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;为了安全期间，有时我们需要限制网站下的某些目录对于php脚本不能执行。</p>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;有两种方法可以参考：</p>
<ol>
<li>使用.htaccess 文件限制</li>
</ol>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;在要限制php执行的目录下，创建.htaccess文件，加入内容</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">php_flag engine off</div></pre></td></tr></table></figure>
<ol>
<li>使用apache的配置文件httpd.conf<br>在相关的虚拟主机段，加入 </li>
</ol>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div></pre></td><td class="code"><pre><div class="line">&lt;Directory /data/www/data/&gt;</div><div class="line">  php_admin_flag engine off </div><div class="line">  &lt;filesmatch <span class="string">"(.*)php"</span>&gt;</div><div class="line">    Order deny,allow</div><div class="line">    Deny from all</div><div class="line">    Allow from 127.0.0.1 </div><div class="line">  &lt;/filesmatch&gt;</div><div class="line">&lt;/Directory&gt;</div></pre></td></tr></table></figure>

	

	

</article>




	<article>
	
		<h1><a href="/2017/10/12/Apache/50. apache 限制指定user_agent/">apache 限制指定user_agent</a></h1>
	
	<div class="article__infos">
		<span class="article__date">2017-10-12</span><br />
		
		
			<span class="article__tags">
			  	<a class="article__tag-link" href="/tags/Apache/">Apache</a> <a class="article__tag-link" href="/tags/LAMP/">LAMP</a>
			</span>
		
	</div>

	

	
		<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;有些user_agent 不是我们想要的，可以通过rewrite功能针对 %{HTTP_USER_AGENT} 来rewirete到404页，从而达到限制某些user_agent的请求。</p>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;配置如下</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div></pre></td><td class="code"><pre><div class="line">RewriteEngine on</div><div class="line">RewriteCond %&#123;HTTP_USER_AGENT&#125;  ^.*Firefox/4.0* [NC,OR]</div><div class="line">RewriteCond %&#123;HTTP_USER_AGENT&#125;  ^.*Tomato Bot/1.0* [NC]</div><div class="line">RewriteCond   %&#123;REQUEST_URI&#125; !^/404*</div><div class="line">RewriteRule  .*  /404.html</div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;请注意，404.html千万别再跳转到其他页面了，否则很有可能就会死循环了。</p>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;其实rewrite到404.html 并不是很好的办法，而apache的rewrite功能有一项就是forbidden ,那就是 F</p>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;配置如下</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div></pre></td><td class="code"><pre><div class="line">RewriteEngine on</div><div class="line">RewriteCond %&#123;HTTP_USER_AGENT&#125;  ^*Firefox/4.0* [NC,OR]</div><div class="line">RewriteCond %&#123;HTTP_USER_AGENT&#125;  ^*Tomato Bot/1.0* [NC]</div><div class="line">RewriteRule  .*  -  [F]</div></pre></td></tr></table></figure>
	

	

</article>




	<article>
	
		<h1><a href="/2017/10/12/Apache/5. apache编译安装参数说明/">apache编译安装参数说明</a></h1>
	
	<div class="article__infos">
		<span class="article__date">2017-10-12</span><br />
		
		
			<span class="article__tags">
			  	<a class="article__tag-link" href="/tags/Apache/">Apache</a> <a class="article__tag-link" href="/tags/LAMP/">LAMP</a>
			</span>
		
	</div>

	

	
		<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;apache编译安装参数说明</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div></pre></td><td class="code"><pre><div class="line">./configure <span class="comment">#配置源代码树</span></div><div class="line">--prefix=/usr/<span class="built_in">local</span>/apache2 <span class="comment">#体系无关文件的顶级安装目录prefix ，也就apache的安装目录。如果没有指定PREFIX，默认会装到/usr/local/apache2。</span></div><div class="line">--<span class="built_in">enable</span>-module=so <span class="comment">#打开 so 模块，so 模块是用来提 dso 支持的 apache 核心模块</span></div><div class="line">--<span class="built_in">enable</span>-deflate=shared <span class="comment">#支持网页压缩</span></div><div class="line">--<span class="built_in">enable</span>-expires=shared <span class="comment">#支持 http 控制</span></div><div class="line">--<span class="built_in">enable</span>-rewrite=shared <span class="comment">#支持 url 重写</span></div><div class="line">--<span class="built_in">enable</span>-cache <span class="comment">#支持缓存</span></div><div class="line">--<span class="built_in">enable</span>-file-cache <span class="comment">#支持文件缓存</span></div><div class="line">--<span class="built_in">enable</span>-mem-cache <span class="comment">#支持记忆缓存</span></div><div class="line">--<span class="built_in">enable</span>-disk-cache <span class="comment">#支持磁盘缓存</span></div><div class="line">--<span class="built_in">enable</span>-static-support <span class="comment">#支持静态连接(默认为动态连接)</span></div><div class="line">--<span class="built_in">enable</span>-static-htpasswd <span class="comment">#使用静态连接编译 htpasswd - 管理用于基本认证的用户文件</span></div><div class="line">--<span class="built_in">enable</span>-static-htdigest <span class="comment">#使用静态连接编译 htdigest - 管理用于摘要认证的用户文件 </span></div><div class="line">--<span class="built_in">enable</span>-static-rotatelogs <span class="comment">#使用静态连接编译 rotatelogs - 滚动 apache 日志的管道日志程序 </span></div><div class="line">--<span class="built_in">enable</span>-static-logresolve <span class="comment">#使用静态连接编译 logresolve - 解析 apache 日志中的ip地址为主机名</span></div><div class="line">--<span class="built_in">enable</span>-static-htdbm <span class="comment">#使用静态连接编译 htdbm - 操作 dbm 密码数据库 </span></div><div class="line">--<span class="built_in">enable</span>-static-ab <span class="comment">#使用静态连接编译 ab - apache http 服务器性能测试工具</span></div><div class="line">--<span class="built_in">enable</span>-static-checkgid <span class="comment">#使用静态连接编译 checkgid </span></div><div class="line">--<span class="built_in">disable</span>-cgid <span class="comment">#禁止用一个外部 cgi 守护进程执行cgi脚本</span></div><div class="line">--<span class="built_in">disable</span>-cgi <span class="comment">#禁止编译 cgi 版本的 PHP</span></div><div class="line">--<span class="built_in">disable</span>-userdir <span class="comment">#禁止用户从自己的主目录中提供页面</span></div><div class="line">--with-mpm=worker <span class="comment"># 让apache以worker方式运行</span></div></pre></td></tr></table></figure>
	

	

</article>




	<article>
	
		<h1><a href="/2017/10/12/Apache/49. apache 禁止解析 php/">apache 禁止解析 php</a></h1>
	
	<div class="article__infos">
		<span class="article__date">2017-10-12</span><br />
		
		
			<span class="article__tags">
			  	<a class="article__tag-link" href="/tags/Apache/">Apache</a> <a class="article__tag-link" href="/tags/LAMP/">LAMP</a>
			</span>
		
	</div>

	

	
		<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;某个目录下禁止解析 php ，这个很有用，做网站安全的时候，这个用得很多，比如某些目录可以上传文件，为了避免上传的文件有木马，所以我们禁止这个目录下面的访问解析 php。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div></pre></td><td class="code"><pre><div class="line">[root@lamp ~]<span class="comment"># vim /usr/local/apache2/conf/extra/httpd-vhosts.conf</span></div><div class="line"></div><div class="line">&lt;Directory /data/www/data/&gt;</div><div class="line">  php_admin_flag engine off </div><div class="line">  &lt;filesmatch <span class="string">"(.*)php"</span>&gt;</div><div class="line">    Order deny,allow</div><div class="line">    Deny from all</div><div class="line">    Allow from 127.0.0.1 </div><div class="line">  &lt;/filesmatch&gt;</div><div class="line">&lt;/Directory&gt;</div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;说明： php_admin_flag engine off 这个语句就是禁止解析 php 的控制语句，但只这样配置还不够，因为这样配置后用户依然可以访问 php 文件，只不过不解析了，但可以下载，用户下载 php  文件也是不合适的，所以有必要再禁止一下。</p>

	

	

</article>




	<article>
	
		<h1><a href="/2017/10/12/Apache/48. 针对访问uri 限制ip/">针对访问uri 限制ip</a></h1>
	
	<div class="article__infos">
		<span class="article__date">2017-10-12</span><br />
		
		
			<span class="article__tags">
			  	<a class="article__tag-link" href="/tags/Apache/">Apache</a> <a class="article__tag-link" href="/tags/LAMP/">LAMP</a>
			</span>
		
	</div>

	

	
		<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;在虚拟主机配置文件中加入如下字段：</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div></pre></td><td class="code"><pre><div class="line">Order deny,allow</div><div class="line">Deny from all</div><div class="line">Allow from 127.0.0.1</div><div class="line">Allow from  2.2.2.2</div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;假如该虚拟机的域名为 domain.com , 这样配置后，除了 127.0.0.1 和 2.2.2.2 外，其他ip访问以下类似的uri时都会直接禁止的。</p>
<p><a href="http://domain.com/1212admin.txt" target="_blank" rel="external">http://domain.com/1212admin.txt</a> </p>
<p><a href="http://domain.com/admin.php" target="_blank" rel="external">http://domain.com/admin.php</a></p>
<p><a href="http://domain.com/1212/admin.html" target="_blank" rel="external">http://domain.com/1212/admin.html</a></p>
<p>等等。</p>

	

	

</article>




	<article>
	
		<h1><a href="/2017/10/12/Apache/47. httpd-2.4.x 版本客户端访问控制/">httpd-2.4.x 版本客户端访问控制</a></h1>
	
	<div class="article__infos">
		<span class="article__date">2017-10-12</span><br />
		
		
			<span class="article__tags">
			  	<a class="article__tag-link" href="/tags/Apache/">Apache</a> <a class="article__tag-link" href="/tags/LAMP/">LAMP</a>
			</span>
		
	</div>

	

	
		<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;在apache2.4版本之前做客户端访问控制,是用Allow Deny Order指令做访问控制的,而在2.4的版本上是用的用法跟之前的版本大不相同,如下</p>
<hr>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;2.2上的配置 </p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line">Order deny,allow </div><div class="line">Deny from all</div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;2.4上的配置 </p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">Require all denied</div></pre></td></tr></table></figure>
<hr>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;2.2上的配置 </p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line">Order allow,deny </div><div class="line">Allow from all</div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;2.4上的配置 </p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">Require all granted</div></pre></td></tr></table></figure>
<hr>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;下面给出了几个例子在2.4版本上的配置</p>
<ol>
<li>仅允许IP为192.168.1.1的主机访问</li>
</ol>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div></pre></td><td class="code"><pre><div class="line">&lt;RequireAll&gt; </div><div class="line">  require all granted </div><div class="line">  require ip 192.168.1.1 </div><div class="line">&lt;/RequireAll&gt;</div></pre></td></tr></table></figure>
<ol>
<li>仅允许192.168.0.0/24网络的主机访问</li>
</ol>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div></pre></td><td class="code"><pre><div class="line">&lt;RequireAll&gt; </div><div class="line">  require all granted </div><div class="line">  require ip 192.168.1.0/24 </div><div class="line">&lt;/RequireAll&gt;</div></pre></td></tr></table></figure>
<ol>
<li>禁止192.168.1.2的主机访问,其他的都允许访问,</li>
</ol>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div></pre></td><td class="code"><pre><div class="line">&lt;RequireAll&gt; </div><div class="line">  require all granted </div><div class="line">  require not ip 192.168.1.2 </div><div class="line">&lt;/RequireAll&gt;</div></pre></td></tr></table></figure>
<ol>
<li>允许所有访问,</li>
</ol>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">require all granted</div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;注：这个可以不用加容器<requireall> ……  </requireall> </p>
<ol>
<li><p>直接,写在 <directory ""=""> …..</directory>里面就可以了</p>
</li>
<li><p>拒绝所有访问</p>
</li>
</ol>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">require all denied</div></pre></td></tr></table></figure>
	

	

</article>




	<article>
	
		<h1><a href="/2017/10/12/Apache/46. apache几种限制ip的方法/">apache几种限制ip的方法</a></h1>
	
	<div class="article__infos">
		<span class="article__date">2017-10-12</span><br />
		
		
			<span class="article__tags">
			  	<a class="article__tag-link" href="/tags/Apache/">Apache</a> <a class="article__tag-link" href="/tags/LAMP/">LAMP</a>
			</span>
		
	</div>

	

	
		<ol>
<li>禁止访问某些文件/目录增加Files选项来控制，比如要不允许访问 .inc 扩展名的文件，保护php类库：</li>
</ol>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div></pre></td><td class="code"><pre><div class="line">&lt;Files ~ <span class="string">"\.inc$"</span>&gt;</div><div class="line"> Order allow,deny</div><div class="line"> Deny from all</div><div class="line">&lt;/Files&gt;</div></pre></td></tr></table></figure>
<ol>
<li>禁止访问某些指定的目录：（可以用 <directorymatch> 来进行正则匹配）</directorymatch></li>
</ol>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div></pre></td><td class="code"><pre><div class="line">&lt;Directory ~ <span class="string">"^/var/www/（.+/）*[0-9]&#123;3&#125;"</span>&gt;</div><div class="line"> Order allow,deny</div><div class="line"> Deny from all</div><div class="line">&lt;/Directory&gt;</div></pre></td></tr></table></figure>
<ol>
<li>通过文件匹配来进行禁止，比如禁止所有针对图片的访问：</li>
</ol>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div></pre></td><td class="code"><pre><div class="line">&lt;FilesMatch \.(gif|jpeg|png)$&gt;</div><div class="line"> Order allow,deny</div><div class="line"> Deny from all</div><div class="line">&lt;/FilesMatch&gt;</div></pre></td></tr></table></figure>
<ol>
<li>针对URL相对路径的禁止访问：</li>
</ol>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div></pre></td><td class="code"><pre><div class="line">&lt;Location /dir/&gt;</div><div class="line"> Order allow,deny</div><div class="line"> Deny from all</div><div class="line">&lt;/Location&gt;</div></pre></td></tr></table></figure>
<ol>
<li>禁止某些IP访问/只允许某些IP访问如果要控制禁止某些非法IP访问，在Directory选项控制：</li>
</ol>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div></pre></td><td class="code"><pre><div class="line">&lt;Directory <span class="string">"/var/www/web/"</span>&gt;</div><div class="line"> Order allow,deny</div><div class="line"> Allow from all</div><div class="line"> Deny from 10.0.0.1          <span class="comment">#阻止一个IP</span></div><div class="line"> Deny from 192.168.0.0/24    <span class="comment">#阻止一个IP段</span></div><div class="line">&lt;/Directory&gt;</div></pre></td></tr></table></figure>
<ol>
<li>只允许某些IP访问，适合比如就允许内部或者合作公司访问：</li>
</ol>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div></pre></td><td class="code"><pre><div class="line">&lt;Directory <span class="string">"/var/www/web/"</span>&gt;</div><div class="line"> Order deny,allow</div><div class="line"> Deny from all</div><div class="line"> Allow from example.com              <span class="comment">#允许某个域名</span></div><div class="line"> Allow from 10.0.0.1                 <span class="comment">#允许一个IP</span></div><div class="line"> Allow from 10.0.0.1 10.0.0.2        <span class="comment">#允许多个IP</span></div><div class="line"> Allow from 10.1.0.0/255.255.0.0     <span class="comment">#允许一个IP段，掩码对</span></div><div class="line"> Allow from 10.0.1 192.168           <span class="comment">#允许一个IP段，后面不填写</span></div><div class="line"> Allow from 192.168.0.0/24           <span class="comment">#允许一个IP段，网络号</span></div><div class="line">&lt;/Directory&gt;</div></pre></td></tr></table></figure>

	

	

</article>




	<article>
	
		<h1><a href="/2017/10/12/Apache/45. apache的order、allow、deny/">apache的order、allow、deny</a></h1>
	
	<div class="article__infos">
		<span class="article__date">2017-10-12</span><br />
		
		
			<span class="article__tags">
			  	<a class="article__tag-link" href="/tags/Apache/">Apache</a> <a class="article__tag-link" href="/tags/LAMP/">LAMP</a>
			</span>
		
	</div>

	

	
		<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;这个东西确实挺容易让人迷糊。其实也不难，只要掌握这样一条规律即可：</p>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;首先举个例子：</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div></pre></td><td class="code"><pre><div class="line">Order deny,allow</div><div class="line">deny from all</div><div class="line">allow from 127.0.0.1</div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;判断的依据是这样的：</p>
<ol>
<li>看Order后面的，哪个在前，哪个在后</li>
<li>如果deny在前，那么就需要看deny from 这句，然后看allow from 这一句</li>
<li>规则是一条一条的匹配的，不管是deny在前还是allow在前，都是会生效的。比如例子中，先deny 了所有，然后又allow了127.0.0.1，所以127.0.0.1是通过的。</li>
</ol>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;不妨再多举几个例子：</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div></pre></td><td class="code"><pre><div class="line">Order allow,deny</div><div class="line">deny from all</div><div class="line">allow from 127.0.0.1</div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;这个就会deny所有了，127.0.0.1也会被deny。因为顺序是先allow然后deny，虽然一开始allow了127.0.0.1，但是后面又拒绝了它。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line">Order allow,deny</div><div class="line">deny from all</div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;全部都不能通行</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line">Order deny,allow</div><div class="line">deny from all</div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;全部都不能通行</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">Order deny,allow</div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;全部都可以通行（默认的），记住即可</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">Order allow,deny</div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;全部都不能通行（默认的），记住即可</p>

	

	

</article>




	<article>
	
		<h1><a href="/2017/10/12/Apache/44. apache2.2 到 2.4后配置文件需要更改的部分/">apache2.2 到 2.4后配置文件需要更改的部分</a></h1>
	
	<div class="article__infos">
		<span class="article__date">2017-10-12</span><br />
		
		
			<span class="article__tags">
			  	<a class="article__tag-link" href="/tags/Apache/">Apache</a> <a class="article__tag-link" href="/tags/LAMP/">LAMP</a>
			</span>
		
	</div>

	

	
		<ol>
<li>访问控制</li>
</ol>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;2.2 的时候</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line">Order deny,allow</div><div class="line">Deny from all</div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;在 2.4 需要改成</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">Require all denied</div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;常用的配置有：</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div></pre></td><td class="code"><pre><div class="line">Require all denied   </div><div class="line">Require all granted   </div><div class="line">Require host xxx.com   </div><div class="line">Require ip 192.168.1 192.168.2   </div><div class="line">Require <span class="built_in">local</span></div></pre></td></tr></table></figure>
<ol>
<li>RewriteLogLevel  变为：logLevel</li>
</ol>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;如，LogLevel warn rewrite: warn</p>
<ol>
<li><p>Namevirtualhost 被移除</p>
</li>
<li><p>网站压缩，除了使用mod_deflate，还要mod_filter</p>
</li>
</ol>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;使用ssl，除了使用mod_ssl，还需要mod_socache_shmcb</p>

	

	

</article>




	<article>
	
		<h1><a href="/2017/10/12/Apache/43. apache 配置https 支持ssl/">apache 配置https 支持ssl</a></h1>
	
	<div class="article__infos">
		<span class="article__date">2017-10-12</span><br />
		
		
			<span class="article__tags">
			  	<a class="article__tag-link" href="/tags/Apache/">Apache</a> <a class="article__tag-link" href="/tags/LAMP/">LAMP</a>
			</span>
		
	</div>

	

	
		<h2 id="安装openssl"><a href="#安装openssl" class="headerlink" title="安装openssl"></a>安装openssl</h2><p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;apache2.0 建议安装0.9版本，曾经试过2.0.59 对openssl-1.0编译不过去。<a href="http://www.openssl.org/source/" target="_blank" rel="external">下载Openssl</a></p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div></pre></td><td class="code"><pre><div class="line">tar -zxf openssl-0.9.8k.tar.gz    <span class="comment">#解压安装包   </span></div><div class="line"><span class="built_in">cd</span> openssl-0.9.8k                 <span class="comment">#进入已经解压的安装包   </span></div><div class="line">./config                          <span class="comment">#配置安装。推荐使用默认配置   </span></div><div class="line">make &amp;&amp; make install              <span class="comment">#编译及安装</span></div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;openssl默认将被安装到/usr/local/ssl </p>
<h2 id="让apache支持ssl，编译的时候，要指定ssl支持。"><a href="#让apache支持ssl，编译的时候，要指定ssl支持。" class="headerlink" title="让apache支持ssl，编译的时候，要指定ssl支持。"></a>让apache支持ssl，编译的时候，要指定ssl支持。</h2><p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;静态或者动态</p>
<ul>
<li>静态方法即  –enable-ssl=static –with-ssl=/usr/local/ssl</li>
<li><ul>
<li>动态方法  –enable-ssl=shared –with-ssl=/usr/local/ssl</li>
</ul>
</li>
</ul>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;其中第二种方法会在module/ 目录下生成 mod_ssl.so 模块，而静态不会有，当然第二种方法也需要在httpd.conf 中加入</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">LoadModule ssl_module modules/mod_ssl.so</div></pre></td></tr></table></figure>
<h2 id="生成证书"><a href="#生成证书" class="headerlink" title="生成证书"></a>生成证书</h2><h3 id="创建私钥"><a href="#创建私钥" class="headerlink" title="创建私钥"></a>创建私钥</h3><p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;在创建证书请求之前，您需要首先生成服务器证书私钥文件。  </p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line"><span class="built_in">cd</span> /usr/<span class="built_in">local</span>/ssl/bin                    <span class="comment">#进入openssl安装目录  </span></div><div class="line">openssl genrsa -out server.key 2048      <span class="comment">#运行openssl命令，生成2048位长的私钥server.key文件</span></div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;如果需要对 server.key 添加保护密码，请使用 -des3 扩展命令。Windows环境下不支持加密格式私钥，Linux环境下使用加密格式私钥时，每次重启Apache都需要输入该私钥密码（例：openssl genrsa -des3 -out server.key 2048）。 </p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">cp server.key   /usr/<span class="built_in">local</span>/apache/conf/ssl.key/</div></pre></td></tr></table></figure>
<h3 id="生成证书请求（CSR）文件"><a href="#生成证书请求（CSR）文件" class="headerlink" title="生成证书请求（CSR）文件"></a>生成证书请求（CSR）文件</h3><figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div></pre></td><td class="code"><pre><div class="line">openssl req -new -key server.key -out certreq.csr   </div><div class="line">Country Name：                           <span class="comment">#您所在国家的ISO标准代号，中国为CN   </span></div><div class="line">State or Province Name：                 <span class="comment">#您单位所在地省/自治区/直辖市   </span></div><div class="line">Locality Name：                          <span class="comment">#您单位所在地的市/县/区   </span></div><div class="line">Organization Name：                      <span class="comment">#您单位/机构/企业合法的名称   </span></div><div class="line">Organizational Unit Name：               <span class="comment">#部门名称   </span></div><div class="line">Common Name：                            <span class="comment">#通用名，例如：www.itrus.com.cn。此项必须与您访问提供SSL服务的服务器时所应用的域名完全匹配。   </span></div><div class="line">Email Address：                          <span class="comment">#邮件地址，不必输入，直接回车跳过   </span></div><div class="line"><span class="string">"extra"</span>attributes                        <span class="comment">#以下信息不必输入，回车跳过直到命令执行完毕。</span></div></pre></td></tr></table></figure>
<h3 id="备份私钥并提交证书请求"><a href="#备份私钥并提交证书请求" class="headerlink" title="备份私钥并提交证书请求"></a>备份私钥并提交证书请求</h3><p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;请将证书请求文件certreq.csr提交给天威诚信，并备份保存证书私钥文件server.key，等待证书的签发。服务器证书密钥对必须配对使用，私钥文件丢失将导致证书不可用。 </p>
<h2 id="安装证书"><a href="#安装证书" class="headerlink" title="安装证书"></a>安装证书</h2><h3 id="获取服务器证书中级CA证书"><a href="#获取服务器证书中级CA证书" class="headerlink" title="获取服务器证书中级CA证书"></a>获取服务器证书中级CA证书</h3><p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;为保障服务器证书在客户端的兼容性，服务器证书需要安装两张中级CA证书(不同品牌证书，可能只有一张中级证书)。   </p>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;从邮件中获取中级CA证书：   </p>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;将证书签发邮件中的从BEGIN到 END结束的两张中级CA证书内容（包括“—–BEGIN CERTIFICATE—–”和“—–END CERTIFICATE—–”）粘贴到同一个记事本等文本编辑器中，中间用回车换行分隔。修改文件扩展名，保存为conf/ssl.crt/intermediatebundle.crt文件(如果只有一张中级证书，则只需要保存并安装一张中级证书)。   </p>
<h3 id="获取EV服务器证书"><a href="#获取EV服务器证书" class="headerlink" title="获取EV服务器证书"></a>获取EV服务器证书</h3><p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;将证书签发邮件中的从BEGIN到 END结束的服务器证书内容（包括“—–BEGIN CERTIFICATE—–”和“—–END CERTIFICATE—–”） 粘贴到记事本等文本编辑器中，保存为ssl.crt/server.crt文件 </p>
<h3 id="apache的配置-2-0的配置"><a href="#apache的配置-2-0的配置" class="headerlink" title="apache的配置 2.0的配置"></a>apache的配置 2.0的配置</h3><p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;httpd.conf 中增加</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div></pre></td><td class="code"><pre><div class="line">Listen  443</div><div class="line">NameVirtualHost *:443</div><div class="line"></div><div class="line">    DocumentRoot <span class="string">"/data/web/www"</span></div><div class="line">    ServerName aaa.com:443</div><div class="line">    ErrorLog <span class="string">"logs/error.log"</span></div><div class="line">    CustomLog <span class="string">"logs/access.log"</span> combined</div><div class="line">     </div><div class="line">        SSLEngine on</div><div class="line">        SSLCertificateFile /usr/<span class="built_in">local</span>/apache/conf/ssl.crt/server.crt</div><div class="line">        SSLCertificateKeyFile /usr/<span class="built_in">local</span>/apache/conf/ssl.key/server.key</div><div class="line">        SSLCertificateChainFile /usr/<span class="built_in">local</span>/apache/conf/ssl.crt/intermediatebundle.crt</div></pre></td></tr></table></figure>

	

	

</article>





	<span class="different-posts">📖 <a href="/page/44">more posts</a> 📖</span>



	</main>

	<footer class="footer">
	<div class="footer-content">
		
	      <div class="footer__element">
	<p>Hi there, <br />welcome to my Blog glad you found it. Have a look around, will you?</p>
</div>

	    
	      <div class="footer__element">
	<h5>Check out</h5>
	<ul class="footer-links">
		<li class="footer-links__link"><a href="/archives">Archive</a></li>
		
		  <li class="footer-links__link"><a href="/atom.xml">RSS</a></li>
	    
		<li class="footer-links__link"><a href="/about">about page</a></li>
		<li class="footer-links__link"><a href="/tags">Tags</a></li>
		<li class="footer-links__link"><a href="/categories">Categories</a></li>
	</ul>
</div>

	    

		<div class="footer-credit">
			<span>© 2017 失落的乐章 | Powered by <a href="https://hexo.io/">Hexo</a> | Theme <a href="https://github.com/HoverBaum/meilidu-hexo">MeiliDu</a></span>
		</div>

	</div>


</footer>



</body>

</html>
